odysseus

mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-22 20:55:29 -04:00

T

nopoz 7e5db9a3c6 fix(security): redact credential-bearing URLs and PII from logs (#4750 )

* fix(security): redact credential-bearing URLs and PII from logs

Several log statements emitted sensitive data in clear text:

- model_routes / chat_routes / contacts_routes logged endpoint URLs raw.
  Admin-configured URLs can embed credentials in userinfo or query
  (e.g. https://user:pass@host, ?api_key=...). Route them through a
  shared core.log_safety.redact_url() that drops userinfo/query/fragment.
- note_routes / task_scheduler logged operator email addresses (smtp_user,
  recipient). Replaced with presence booleans, which keeps the diagnostic
  ("why didn't this send") without writing PII to logs.

model_routes already had a local redactor on its HTTPStatusError branch;
the generic except branch was missed, so reuse the existing helper there.

Clears CodeQL py/clear-text-logging-sensitive-data alerts 264, 317, 324,
325, 343, 344, 528.

* fix(security): re-bracket IPv6 hosts and single-source the URL redactor

Address review on #4750:
- redact_url now re-brackets IPv6 literals so host:port stays
  unambiguous (https://[2001:db8::1]:8443/v1, not the bracket-less
  ambiguous form).
- point model_routes._redact_url_for_log at the shared helper so the
  two redactors are single-sourced (also picks up the IPv6 fix).

2026-06-22 23:12:39 +02:00

.github

chore(deps): bump actions/checkout in the actions group (#4559 )

2026-06-18 20:49:58 +02:00

companion

fix(companion): require chat scope for model inventory (#4319 )

2026-06-16 01:15:05 +02:00

config/searxng

Generate SearXNG secret on first boot

2026-06-01 11:03:02 +09:00

core

fix(security): redact credential-bearing URLs and PII from logs (#4750 )

2026-06-22 23:12:39 +02:00

docker

Merge origin/dev into main

2026-06-21 11:08:50 +00:00

docs

docs(setup): note -BindHost flag for LAN access on native Windows (#4636 )

2026-06-22 20:29:55 +02:00

integrations

Add Codex and Claude document draft integration

2026-06-09 14:27:53 +09:00

licenses

feat(a11y): add a Text size control and an OpenDyslexic font option (#4210 )

2026-06-22 13:53:46 +02:00

mcp_servers

fix(email): enforce MCP owner boundaries (#4335 )

2026-06-16 04:31:24 +01:00

routes

fix(security): redact credential-bearing URLs and PII from logs (#4750 )

2026-06-22 23:12:39 +02:00

scripts

Fix odysseus-calendar list dropping in-progress / multi-day events (#2065 )

2026-06-16 14:04:56 +02:00

services

fix(hwfit): repair remote Windows hardware scan over SSH (#4674 )

2026-06-22 20:59:09 +02:00

specs

docs(architecture): add Phase 0 runtime inventory document (#4148 )

2026-06-16 04:57:24 +01:00

src

fix(security): redact credential-bearing URLs and PII from logs (#4750 )

2026-06-22 23:12:39 +02:00

static

fix(security): escape backslashes in calendar bg-image CSS url() (#4712 )

2026-06-22 21:17:52 +02:00

tests

fix(security): redact credential-bearing URLs and PII from logs (#4750 )

2026-06-22 23:12:39 +02:00

.dockerignore

fix(devops): harden docker config defaults (#4349 )

2026-06-16 04:03:43 +01:00

.env.example

Parameterize Docker Compose volume host paths (#3907 )

2026-06-15 20:30:18 +09:00

.gitattributes

Add native Windows compatibility layer

2026-06-01 15:09:47 +09:00

.gitignore

pwa missing icons added (#428 )

2026-06-15 16:00:13 +09:00

ACKNOWLEDGMENTS.md

feat(a11y): add a Text size control and an OpenDyslexic font option (#4210 )

2026-06-22 13:53:46 +02:00

app.py

fix: use aware UTC in health timestamp (#4503 )

2026-06-18 20:58:25 +02:00

build-macos-app.sh

macOS app: force native arm64 uvicorn on Apple Silicon

2026-06-02 20:56:53 +09:00

build-windows-portable.ps1

feat(launcher): add portable windows launcher (#976 )

2026-06-16 04:58:16 +01:00

CONTRIBUTING.md

Change host from 0.0.0.0 to 127.0.0.1 in CONTRIBUTING.md (#4422 )

2026-06-16 13:40:47 +00:00

docker-compose.gpu-amd.yml

CI fixes for cookbook workflow sync

2026-06-22 02:08:25 +00:00

docker-compose.gpu-nvidia.yml

CI fixes for cookbook workflow sync

2026-06-22 02:08:25 +00:00

docker-compose.yml

Merge origin/dev into main

2026-06-21 11:08:50 +00:00

Dockerfile

Docker compose: mount docker.sock + install Docker CLI so Cookbook can reach sibling containers

2026-06-19 00:32:47 +00:00

install-service.sh

Odysseus v1.0

2026-05-31 23:58:26 +09:00

launch-windows.ps1

feat(launcher): add portable windows launcher (#976 )

2026-06-16 04:58:16 +01:00

launcher.py

feat(launcher): add portable windows launcher (#976 )

2026-06-16 04:58:16 +01:00

LICENSE

chore: backport main-only changes to dev AGPL relicense + Cookbook serve fix (#3704 )

2026-06-09 23:20:34 +02:00

odysseus-ui.service

fix: systemd service should serve on port 7000 to match Docker/setup/README (#1297 )

2026-06-03 02:04:37 +09:00

Odysseus.spec

feat(launcher): add portable windows launcher (#976 )

2026-06-16 04:58:16 +01:00

package-lock.json

chore(deps): remove unused @anthropic-ai/sdk dependency (#4566 )

2026-06-19 09:40:35 +02:00

package.json

chore(deps): remove unused @anthropic-ai/sdk dependency (#4566 )

2026-06-19 09:40:35 +02:00

pyproject.toml

test: add fast lane and duration visibility (#3659 )

2026-06-09 20:11:47 +02:00

README.md

Refresh README screenshot

2026-06-22 04:54:15 +00:00

requirements-optional.txt

chore(deps): bump the python group with 3 updates (#3991 )

2026-06-15 19:25:15 +09:00

requirements.txt

chore(deps): bump the python group with 3 updates (#3991 )

2026-06-15 19:25:15 +09:00

ROADMAP.md

Fix typos in the ROADMAP intro (#1421 )

2026-06-03 14:12:10 +09:00

SECURITY.md

Clarify private deployment hardening docs

2026-06-02 13:01:12 +09:00

setup.py

fix(auth): centralize password and username validation constants (#4120 )

2026-06-16 09:52:15 +02:00

start-macos.sh

fix(macos): rebuild incomplete venv instead of failing on re-run (#3106 )

2026-06-15 16:12:19 +09:00

THREAT_MODEL.md

docs: add THREAT_MODEL.md (#1111 )

2026-06-02 22:40:37 +09:00

update_windows.bat

Windows: add Docker update script

2026-06-02 20:45:32 +09:00

README.md

A self-hosted AI workspace for chat, agents, research, documents, email, notes, calendar, and local model workflows.

Quick Start · Setup Guide · Contributing · Roadmap

Quick Start

dev is the default branch and gets the newest changes first. Use main if you want the more curated branch.

git clone https://github.com/pewdiepie-archdaemon/odysseus.git
cd odysseus
cp .env.example .env
docker compose up -d --build

Open http://localhost:7000 when the containers are healthy. The first admin password is printed in docker compose logs odysseus.

Native installs, GPU notes, Windows/macOS instructions, HTTPS, and configuration live in the setup guide.

Features

Chat + Agents — local/API models, tools, MCP, files, shell, skills, and memory.
Cookbook — hardware-aware model recommendations, downloads, and serving.
Deep Research — multi-step web research with source reading and report generation.
Compare — blind side-by-side model testing and synthesis.
Documents — writing-first editor with AI edits, suggestions, Markdown, HTML, CSV, and syntax highlighting.
Email — IMAP/SMTP inbox with triage, tags, summaries, reminders, and reply drafts.
Notes, Tasks + Calendar — reminders, todos, scheduled agent tasks, and CalDAV sync.
Extras — gallery/image editor, themes, uploads, web search, presets, sessions, and 2FA.

Demo

A full hover-to-play tour lives on the landing page: docs/index.html.

Contributing

Help is welcome. The best entry points are fresh-install testing, provider setup bugs, mobile/editor polish, docs, and small focused refactors. See CONTRIBUTING.md and ROADMAP.md.

Security

Odysseus is a self-hosted workspace with powerful local tools. Keep auth enabled, keep private data out of Git, and do not expose raw model/service ports publicly. Deployment details are in the setup guide.

Star History

License

AGPL-3.0-or-later -- see LICENSE and ACKNOWLEDGMENTS.md.

Languages

Python 50%

JavaScript 39.5%

CSS 8.2%

HTML 1.8%

Shell 0.4%